The UK Information Commissioner has published a Code of Practice on how to deal with subject access requests for personal information from individuals under the Data Protection Act 1988.
It provides guidance for data controllers on how to respond to subject access requests, explains how to deal with requests involving other peoples’ information, and gives practical examples of requests and various exemptions.
This Code will be of assistance to Employers in both Northern Ireland and the Republic of Ireland on how to respond to Subject Access Requests, but is not limited to Employee Information Requests.